CVSS 3.1 Score 6.5 of 10 (medium)


Published Mar 26, 2024
CWE ID 200


CVE-2024-29197 is a vulnerability that affects previous versions of Pimcore, an Open Source Data & Experience Management Platform. The vulnerability allows any user to view unpublished sites by making a call with the query argument ?pimcore_preview=true. In earlier versions, only logged-in users could open a preview, but this restriction no longer applies. Previews are now accessible to any user, potentially granting unauthorized access to restricted information. The vulnerability has been fixed in versions 11.2.2 and of Pimcore. This vulnerability poses a medium risk with a base severity score of 6.5 and a high impact on confidentiality.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-29197 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options